#!/bin/bash
#author:sujunquan
#date:
#脚本说明：删除指定的iptables端口,支持INPUT,OUTPUT

#用户输入要删除的端口
read -p "-->input you want to delete prot:" port

#判断防火墙里有没有用户输入的端口,没有则退出程序
if ! iptables -S |grep -w "$port" > /dev/null 2>&1;then
   echo "There is no you want to delete the firewall port!!!"
   echo "exit.......byebye........"
   exit 1
fi
#判断防火里有几条端口一样的规则
line=`iptables -L -n |grep -w "$port"|wc -l`

#循环规则数量,有几条循环几次
for i in `seq $line`
 do
    #在防火墙里找出用户输入的端口规则,只截取第一条的行数
    delnum=`iptables -L -n --line|grep -w "$port"|awk '{print $1}'|head -1`
    #判断INPUT链里有没有合乎的规则,有就删除对应规则,没有则删除OUTPUPT链相对应规则
    if iptables -S INPUT |grep -w "$port" > /dev/null 2>&1;then
       iptables -D INPUT $delnum
       [ $? -eq 0 ] && echo "delete INPUT $port OK"
    else
       iptables -D OUTPUT $delnum
       echo "delete OUTPUT $port OK"
     fi
  done
#删除防火墙之后,询问用户是否在保存 
read -p "Are you want to save iptables change?" IN
case $IN in
Y|y)
   service iptables save;;
N|n)
   service iptables restart > /dev/null 2>&1
   echo "bye bye....";;
*)
  echo "I known you want to func doing";;
esac
